Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-16T01:12:51Zhttps://gitlab.torproject.org/legacy/trac/-/issues/34043Update snowflake to persist sessions across proxies2020-06-16T01:12:51ZDavid Fifielddcf@torproject.orgUpdate snowflake to persist sessions across proxiesThis updates snowflake for #33745 and #33897, which add Turbo Tunnel features to snowflake.
There are two new dependencies, kcp-go and smux, which together make up the inner reliability layer. There's a patch to kcp-go to eliminate depe...This updates snowflake for #33745 and #33897, which add Turbo Tunnel features to snowflake.
There are two new dependencies, kcp-go and smux, which together make up the inner reliability layer. There's a patch to kcp-go to eliminate dependencies of features we don't use.
This is a Tor Browser ticket but I'm putting it in Circumvention/Snowflake to start to see if there's anything else we want to merge at the same time. Maybe #34042?David Fifielddcf@torproject.orgDavid Fifielddcf@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/33884Meek-Azure and SnowFlake are still broken2020-06-13T18:21:54ZTracMeek-Azure and SnowFlake are still brokenMeek-Azure and SnowFlake are still broken.
Will not connect.
This still has not been fixed
**Trac**:
**Username**: z1zMeek-Azure and SnowFlake are still broken.
Will not connect.
This still has not been fixed
**Trac**:
**Username**: z1zhttps://gitlab.torproject.org/legacy/trac/-/issues/33706Tor does not work with meek-azure or snowflake bridges2020-06-13T18:36:27ZTracTor does not work with meek-azure or snowflake bridgesTor does not work with meek-azure or snowflake bridges.
Even after 5mins nothing.
It will not connect to tor with these 2 types of bridges.
TorBrowser 9.5a8
**Trac**:
**Username**: z1zTor does not work with meek-azure or snowflake bridges.
Even after 5mins nothing.
It will not connect to tor with these 2 types of bridges.
TorBrowser 9.5a8
**Trac**:
**Username**: z1zhttps://gitlab.torproject.org/legacy/trac/-/issues/33576Update pion-webrtc version to 2.2.32020-06-16T01:26:17ZCecylia BocovichUpdate pion-webrtc version to 2.2.3We recently tracked down some issues with the pion library that were causing inefficiencies and infinite loops to occur (see #33211).
These have been addressed in pion-dtls `v2.0.0-rc.7` and pion-sctp `v1.7.5`. I'd suggest just bumping ...We recently tracked down some issues with the pion library that were causing inefficiencies and infinite loops to occur (see #33211).
These have been addressed in pion-dtls `v2.0.0-rc.7` and pion-sctp `v1.7.5`. I'd suggest just bumping to the latest version of pion-webrtc `v2.2.3`, which includes version bumps for each of these supporting libraries.https://gitlab.torproject.org/legacy/trac/-/issues/33306Consider mapping snowflake locales as we map the tor button and others2020-06-13T17:33:43ZemmapeelConsider mapping snowflake locales as we map the tor button and othersThe Tor Browser is based on Firefox ESR, and so it must use the locale mapping of firefox. But transifex mapping differs a bit. So we map this changes from transifex:
bn = bn-BD
en_GB = en-GB
en = en-US
es_AR = es-AR
es_CL = es-CL
es_CO...The Tor Browser is based on Firefox ESR, and so it must use the locale mapping of firefox. But transifex mapping differs a bit. So we map this changes from transifex:
bn = bn-BD
en_GB = en-GB
en = en-US
es_AR = es-AR
es_CL = es-CL
es_CO = es-CO
es = es-ES
es_MX = es-MX
fy = fy-NL
ga = ga-IE
gu = gu-IN
hi = hi-IN
hr_HR = hr-HR
hy = hy-AM
ms_MY = ms
nb = nb-NO
nn = nn-NO
nl_BE = nl-BE
pa = pa-IN
pt_BR = pt-BR
pt_PT = pt-PT
si_LK = si
sv = sv-SE
zh_CN = zh-CN
zh_HK = zh-HK
zh_TW = zh-TW
maybe Snowflake should be mapped with the same locales?Cecylia BocovichCecylia Bocovichhttps://gitlab.torproject.org/legacy/trac/-/issues/32570CollecTor stopped collecting snowflake stats2020-06-13T17:52:26ZCecylia BocovichCollecTor stopped collecting snowflake statsLooks like this coincides with when the `bamsoftware.com` and `freehaven.net` domains were switched to the new host (#29258).
Perhaps CollecTor needs to update it's DNS cache? In any case, it's safe to point to `snowflake-broker.torproj...Looks like this coincides with when the `bamsoftware.com` and `freehaven.net` domains were switched to the new host (#29258).
Perhaps CollecTor needs to update it's DNS cache? In any case, it's safe to point to `snowflake-broker.torproject.net` again.https://gitlab.torproject.org/legacy/trac/-/issues/32128Point DNS for snowflake-broker.torproject.net at the new broker set up in #292582020-06-13T16:59:16ZDavid Fifielddcf@torproject.orgPoint DNS for snowflake-broker.torproject.net at the new broker set up in #29258Please point the DNS name snowflake-broker.torproject.net at the two IP addresses:
```
37.218.245.111
2a00:c6c0:0:154:4:d8aa:b4e6:c89f
```
There is a PGP-signed statement of those addresses at https://lists.torproject.org/pipermail/anti-...Please point the DNS name snowflake-broker.torproject.net at the two IP addresses:
```
37.218.245.111
2a00:c6c0:0:154:4:d8aa:b4e6:c89f
```
There is a PGP-signed statement of those addresses at https://lists.torproject.org/pipermail/anti-censorship-team/2019-October/000040.html.
In comment:11:ticket:29258, we set up a new Snowflake broker that has an IPv6 address. At [today's anti-censorship meeting](http://meetbot.debian.net/tor-meeting/2019/tor-meeting.2019-10-17-16.59.log.html) we decided to test it by first pointing the (currently unused) snowflake-broker.torproject.net DNS at it.
```
17:07:37 <dcf1> I've set up a new broker and documented the installation instructions.
17:07:54 <dcf1> https://trac.torproject.org/projects/tor/ticket/29258#comment:11
17:08:20 <dcf1> Figners crossed, I think all that's needed to start using it is to update some DNS records.
17:08:36 <dcf1> But perhpas we should do a smaller-scale test first.
17:09:41 <dcf1> One option is we give the new broker a hostname different than the snowflake-broker ones already in use; that way we can test it ourselves.
17:09:59 <cohosh> we have 3 different broker domains already
17:10:02 <dcf1> Another option is to only set up AAAA records now, so that IPv4 traffic goes to the old broker and IPv6 traffic goes to the new.
17:10:05 <cohosh> bamsoftware, freehaven, and tp.net
17:10:25 <dcf1> Yeah and freehaven is a CNAME to bamsoftware, so really we only need to update bamsoftware and torproject.
17:10:39 <cohosh> we could switch tp.net first and test with that
17:10:54 <cohosh> since freehaven/bamsoftware is the deployed one
17:11:04 <cohosh> we haven't deployed tp.net in the client or proxies yet
17:11:24 <dcf1> Yeah I guess you're right.
17:11:24 <cohosh> due to concerns that some places (like the UK) are good places for proxies but may block tor project domains
17:11:54 <dcf1> And I guess that snowflake-broker.azureedge.net still points to the bamsoftware one, though I would have to check to be sure.
17:12:19 <dcf1> Okay, that's a good idea cohosh. We need to ask someone to update the torproject.net names to the IP addresses mentioned in the ticket.
17:13:14 <dcf1> Then we ourselves can test using the client with `-url https://snowflake-broker.torproject.net/' and proxy-go with `-broker https://snowflake-broker.torproject.net/`
```
anarcat originally set up the snowflake-broker.torproject.net domain at comment:13:ticket:31232.anarcatanarcathttps://gitlab.torproject.org/legacy/trac/-/issues/32061Bump snowflake to b4f4b29a032020-06-16T01:08:23ZCecylia BocovichBump snowflake to b4f4b29a03Includes merge of pion branch to master (#28942) and removal of handler counting code (#32046).
This will solve the build failure in #32066.Includes merge of pion branch to master (#28942) and removal of handler counting code (#32046).
This will solve the build failure in #32066.https://gitlab.torproject.org/legacy/trac/-/issues/32056`panic: keyword "PROXY-ERROR %s\n" contains forbidden bytes` when using snowf...2020-06-16T01:08:26ZTrac`panic: keyword "PROXY-ERROR %s\n" contains forbidden bytes` when using snowflakeTBB log:
```
10/14/19, 10:22:02.757 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/14/19, 10:22:10.815 [NOTICE] DisableNetwork is set. Tor will not...TBB log:
```
10/14/19, 10:22:02.757 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/14/19, 10:22:10.815 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/14/19, 10:22:10.816 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/14/19, 10:22:10.816 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
10/14/19, 10:22:10.816 [NOTICE] Opening Socks listener on 127.0.0.1:9150
10/14/19, 10:22:10.816 [NOTICE] Opened Socks listener on 127.0.0.1:9150
10/14/19, 10:22:10.948 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: panic: keyword "PROXY-ERROR %s\n" contains forbidden bytes
10/14/19, 10:22:10.949 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported:
10/14/19, 10:22:10.949 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: goroutine 1 [running]:
10/14/19, 10:22:10.949 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: git.torproject.org/pluggable-transports/goptlib%2egit.formatline(0x83e73d3, 0xf, 0xa0d7f4c, 0x1, 0x1, 0x1, 0x1)
10/14/19, 10:22:10.949 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/goptlib.git/pt.go:250 +0x267
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: git.torproject.org/pluggable-transports/goptlib%2egit.line(0x83e73d3, 0xf, 0xa0d7f4c, 0x1, 0x1)
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/goptlib.git/pt.go:266 +0x45
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: git.torproject.org/pluggable-transports/goptlib%2egit.doError(...)
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/goptlib.git/pt.go:271
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: git.torproject.org/pluggable-transports/goptlib%2egit.ProxyError(...)
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: /var/tmp/dist/gopath/src/git.torproject.org/pluggable-transports/goptlib.git/pt.go:302
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: main.main()
10/14/19, 10:22:10.950 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: /var/tmp/build/snowflake-49a899be452a/client/snowflake.go:158 +0xd81
10/14/19, 10:22:10.951 [WARN] Pluggable Transport process terminated with status code 512
```
TBB version:tor-browser-linux32-9.0a7_en-US.tar.xz
**Trac**:
**Username**: omlnnucihttps://gitlab.torproject.org/legacy/trac/-/issues/32027Bump version of Go to 1.13+2022-09-01T23:00:13ZCecylia BocovichBump version of Go to 1.13+We're going to need it eventually for newer versions of pion/webrtc, and there's a nice feature in to log package that allows us to pass the log output writer to libraries.We're going to need it eventually for newer versions of pion/webrtc, and there's a nice feature in to log package that allows us to pass the log output writer to libraries.boklmboklmhttps://gitlab.torproject.org/legacy/trac/-/issues/31932Snowflake LICENSE file is in Docs\snowflake, while others are in Docs\License...2020-06-16T01:07:58ZboklmSnowflake LICENSE file is in Docs\snowflake, while others are in Docs\Licenses\PluggableTransportsSomeone reported on the blog that the Snowflake LICENSE file is in directory `TorBrowser/Docs` while other licenses files are in `TorBrowser/Docs/Licenses/PluggableTransports/LICENSE`:
https://blog.torproject.org/comment/284257#comment-2...Someone reported on the blog that the Snowflake LICENSE file is in directory `TorBrowser/Docs` while other licenses files are in `TorBrowser/Docs/Licenses/PluggableTransports/LICENSE`:
https://blog.torproject.org/comment/284257#comment-284257
An other comment is mentioning that the `Reproducible build with TBB` line in the README can now be checked.https://gitlab.torproject.org/legacy/trac/-/issues/31446Assembling WebRTC sources for snowflake hangs2020-06-16T01:06:34ZGeorg KoppenAssembling WebRTC sources for snowflake hangsAssembling the WebRTC sources for building snowflake for Linux/macOS is currently hanging at the Google Play License acceptance step [sic!]. This used to be a mobile-only issue but we are hitting it as well on desktop now. (see: #28672 f...Assembling the WebRTC sources for building snowflake for Linux/macOS is currently hanging at the Google Play License acceptance step [sic!]. This used to be a mobile-only issue but we are hitting it as well on desktop now. (see: #28672 for a workaround for the mobile side which we probably need to generalize)https://gitlab.torproject.org/legacy/trac/-/issues/31423Improve building documentation2020-06-13T18:20:54ZTracImprove building documentationIn the snowflake monorepo it isn't clear which project does what.
For example the server-webrtc's readme doesn't specify clearly what it is nor what it does, it also has some config and bash lines without much explanation of why.
It wo...In the snowflake monorepo it isn't clear which project does what.
For example the server-webrtc's readme doesn't specify clearly what it is nor what it does, it also has some config and bash lines without much explanation of why.
It would be useful to be more detailed in this kind of documentation for those interested in running a broker, snowflake/proxy or server.
**Trac**:
**Username**: sernahttps://gitlab.torproject.org/legacy/trac/-/issues/31403Bump snowflake to cd650fa0092020-06-16T01:06:29ZCecylia BocovichBump snowflake to cd650fa009Looks like we don't have the over-zealous log scrubber fix deployed for the client yet. Just bumping this to the most recent client fixes.Looks like we don't have the over-zealous log scrubber fix deployed for the client yet. Just bumping this to the most recent client fixes.https://gitlab.torproject.org/legacy/trac/-/issues/31380/usr/lib/x86_64-linux-gnu/libstdc++.so.6: version `CXXABI_1.3.11' not found (...2020-06-16T01:06:12ZTrac/usr/lib/x86_64-linux-gnu/libstdc++.so.6: version `CXXABI_1.3.11' not found (required by ./TorBrowser/Tor/PluggableTransports/snowflake-client)Similar to the Ticket #25485 but in the new alpha version when using the snowflake bridge.
```
8/8/19, 18:31:25.542 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing...Similar to the Ticket #25485 but in the new alpha version when using the snowflake bridge.
```
8/8/19, 18:31:25.542 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
8/8/19, 18:31:31.914 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
8/8/19, 18:31:31.914 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
8/8/19, 18:31:31.914 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
8/8/19, 18:31:31.914 [NOTICE] Opening Socks listener on 127.0.0.1:9150
8/8/19, 18:31:31.914 [NOTICE] Opened Socks listener on 127.0.0.1:9150
8/8/19, 18:31:32.212 [WARN] Managed proxy at './TorBrowser/Tor/PluggableTransports/snowflake-client' reported: ./TorBrowser/Tor/PluggableTransports/snowflake-client: /usr/lib/x86_64-linux-gnu/libstdc++.so.6: version `CXXABI_1.3.11' not found (required by ./TorBrowser/Tor/PluggableTransports/snowflake-client)
8/8/19, 18:31:32.216 [WARN] Pluggable Transport process terminated with status code 256
```
**Trac**:
**Username**: xhdixhttps://gitlab.torproject.org/legacy/trac/-/issues/31232Migrate default snowflake broker (and bridge?) to TPA machines2020-06-13T16:58:26ZCecylia BocovichMigrate default snowflake broker (and bridge?) to TPA machinesWe've talked about this off and on in the past and there are a few good reasons for doing it:
- Have redundant access and permissions to the DNS/hosts for the default broker and bridge URLs
- Right now we are having an issue with the exi...We've talked about this off and on in the past and there are a few good reasons for doing it:
- Have redundant access and permissions to the DNS/hosts for the default broker and bridge URLs
- Right now we are having an issue with the existing `bamsoftware.com` subdomains due to a Google safe browsing service blacklist (#31230)https://gitlab.torproject.org/legacy/trac/-/issues/30978Get snowflake metrics published2020-06-13T18:20:25ZCecylia BocovichGet snowflake metrics publishedWe've now implemented the collection of snowflake stats at the broker: #21315, and the metrics team has signed off of them as ready to publish.
The next step is to figure out how to export these statistics and where to publish them.
No...We've now implemented the collection of snowflake stats at the broker: #21315, and the metrics team has signed off of them as ready to publish.
The next step is to figure out how to export these statistics and where to publish them.
Noting that we should keep an eye on the guidelines in #29315 for this.https://gitlab.torproject.org/legacy/trac/-/issues/30513Add {arlolra, cohosh, dcf, phw} to default Cc of Circumvention/Snowflake tickets2020-06-13T16:57:40ZDavid Fifielddcf@torproject.orgAdd {arlolra, cohosh, dcf, phw} to default Cc of Circumvention/Snowflake ticketsRecently the Obfuscation/Snowflake component was renamed to Circumention/Snowflake. The change seems to have lost the default Cc that was set up in #23860. See comment:1:ticket:30510 for example. Is it possible to have these users Cced b...Recently the Obfuscation/Snowflake component was renamed to Circumention/Snowflake. The change seems to have lost the default Cc that was set up in #23860. See comment:1:ticket:30510 for example. Is it possible to have these users Cced by default in new Circumvention/Snowflake tickets?
```
arlolra cohosh dcf phw
```Jens KubiezielJens Kubiezielhttps://gitlab.torproject.org/legacy/trac/-/issues/30498Proxy-go is receiving a lot of client timeouts2020-06-13T18:20:04ZCecylia BocovichProxy-go is receiving a lot of client timeoutsSome proxy-go instances are experiencing what seems like an unusually high number of client timeout errors.Some proxy-go instances are experiencing what seems like an unusually high number of client timeout errors.https://gitlab.torproject.org/legacy/trac/-/issues/30367Remove serene's permission to push to /pluggable-transports/snowflake.git2020-06-13T16:57:37ZDavid Fifielddcf@torproject.orgRemove serene's permission to push to /pluggable-transports/snowflake.git```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Following discussion at #30142, please remove "serene" from the set of
users who can push to /pluggable-transports/snowflake.git.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEeXoyaux...```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Following discussion at #30142, please remove "serene" from the set of
users who can push to /pluggable-transports/snowflake.git.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEeXoyauxKR4rwUMw64rk9gVzTiOUFAlzLHb8ACgkQ4rk9gVzT
iOVVww/9F3avxwRHOQ5fyZNmgphoZtSjV9RGO6tvCTFK+jrOEIIeHisfcYRDqN3S
BAx3pPSyOEv6RbgwTFcjRFjF+cTKBw+bRYSDS7a+lC0jMewwnWLvfGP4+7RPDFMG
Rcg2PMvcuhid6kxPX5wDLfyfwhor9zI2a1qhvJanqUtFNwv1Mz9LMQArQhLSIjgc
CulYmbOoP2BUXH0C35J+pg02wb7WEiDKSHZIWUHNBPqGn6Ly9hQX0iiDujx2EtuS
IODTxg5mHzCIv5fLt8u2huJchrfRFQHE0nJEqYaKNUWQD/k0j3h/dIjyfTjt8wZ6
oqoEa/W0DxFm8mf5sNCZ/4IMVfpBwDrGyv2z15iv1/b9mMNHZ8qbjfijZGe2UTTL
wHX4cu8UKiH9dJAD3mQc2V91k1/Omeyd1vvzijINp9ofjEJzL3PJtT7wklOW6B6D
74PC/onhEwp7vPDY4fR2hEEJ3fDEkfzzk7ecZBlbNz1vTP9NsQmBSefiPzV8Pe/3
xKbZ5sL4VwAphd50C2yhcH725EsF0+Ho+Dd52hTh/4kYdT/94YFd7Qt3za170Nq2
Z9gXWUaM1AhFIBgSu4oIIOxf/uZY0Vg1F1JgqBzxYa2f/OJbrGtb4wt05cK62Yc3
TM4wSJ0u6TpK2ig33EXGvIdVtbqSQIhr6816xlQVhiyVzF4Ii0U=
=dzBw
-----END PGP SIGNATURE-----
```